Saturday, 30 June 2012

Now i will show you how to hack
a website with Denial of service attack. For this tutorial we will be
using one of the most effective and one of the least known tools called
"Low Orbit Ion Cannon", created by Anonymous members from 4chan.org,
this program is one of the best for DDoS'ing, and I have successfully
used it to DDoS websites. An internet connection as bad as mine (2,500
kb/s) was able to keep a site down for a day with this program running.
Remember that this tool will work best with high internet speeds,
and try not to go for impossible targets (like Google, Myspace,Yahoo).
LOIC is used on a single computer, but with friends it's enough to give
sites a great deal of downtime.

Prerequisites: Download LOIC (Low Orbit Ion Cannon). Open up LOIC.

Step 1: Type the target URL in the URL box.

Step 2: Click lock on.

Step 3: Change the threads to 9001 for maximum efficiency.

Step 4: Click the big button "IMMA FIRIN MAH LAZAR!"

Feel
free to tweak around with these settings and play around with the
program to get the best performance. Then minimize and go do whatever
you need to do, the program will take care of the rest

WARNING:- ALL THE INFORMATION PROVIDED IN THIS POST ARE FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.

Wednesday, 27 June 2012

DoS Attack With Your Home Pc To Any WebSite U Want To Be Killed!!------------------------DoS Attack Stands For Denial of Service Attack------------------------What Is DoS?

A:
Denial of Service (DoS) attackes are aggressive attacks on an
individual Computer or WebSite with intent to deny services to intended
users.DoS attackes can target end-user systems, servers, routers and Network links(websites)

Requirments:1- Command Prompt (CMD or DOS) Which is usually integrated in all Windows.2- Ip-Address of Targeted Site.

How TO GET IP OF ANY SITE??" No problem.. here is the solution..open ur CMD (command prompt).. and type --------------------------------------------------nslookup Site-Name --------------------------------------------------(e.g nslookup www.google.com)It will show u ip of the site.

ohk now write this command in CMD For Attack on Any Site/ Server..---------------------------------------------------ping SITE-IP -l 65500 -n 10000000 -w 0.00001----------------------------------------------------n 10000000= the number of DoS attemps.. u can change the value "10000000" with ur desired value u want to attempt attack.

SITE-IP= Replace the text with the ip address of the site u want to be attacked..

-w 0.00001 = It is the waiting time after one ping attack.

NOTE: Dont Change or Remove -l, -n and -w in this command.. otherwise u will not able to attack!!

Writer don’t intend to get
information by his writing to be used in an illegal way ,don’t do it, if you
get caught then you have yourself to blame.
My information is just for educational purpose only.

This tutorial is written for absolute newbies who don’t know
whats dos attack , technical details is reduced so that basic concept about
what it is get cleared.ok

So don’t email me and say you lack technical knowledge or
your tutorial is less in it.

There are so many available on the net. This one is for
absolute newbie okay.

Dos attacks-“Denial of Service” Attack

It’s the attack to deny the service to the legitmate user
,so that he suffers there are several reasons to do that.

Mostly likely reason is ‘NAST-YINESS’

Okay there are two ways for dos attacks one is the lame way
and the other is the elite way

Lame way

Email Bombs – it s the technique in which a person email Alc
is flooded with emails, it’s the lamest
form of DOS attack. All a person has to do is go on the net get some
email bomber like UNA or KABOOM put the victims address and there ya go , his
email address will be flooded with the unwanted emails, there is also another
way put his email address into some porn subscription he will get bombed
without you doing anything ,LOL

When the victims email alc gets flooded he has a pain in
differentiating and deleting the unwanted emails and it’s the huugee task.

And if the victim is the admin of the server and his email alc
there is flooded it also looses his disk space.

Continous login – suppose a server is configured to allow
only specified amount login attempts then ,and you know his username you can
lock his account, by attempting to connect by his name to the server which will
lock his account and there ya go , the legitmate user wont be able to log in
,the reason, you locked his Alc.

Okay now the neophyte way, its not that elite way but some
what better than the lame way, atleast you are doing something technical.

Syn Flooding

This is a exploit in tcp/ip method of handshake .

Read some basics on tcp/ip okay lets start.

Normal way :-

Syn-packet is sent to the host by the client who intends
to establish a connection

SYN

Client --------------à Host

Then in the second step host replies with syn/ack packet to
the client

SYN/ACK

Client ß--------------Host

Then in the third and the last step

Client replies with ack packet to the host and then the
threeway handshake is complete

Okay got it now ..?

Now in attack

Several syn packet is
sent to host via spoofed ip address(bad
or dead ip addresses) now then what happens the host replies with syn/ack
packet and host waits for the ack
packet.

But however the ip address don’t exist it keeps waiting ,thus it queues up and eats
the system resources and thus causes the server to crash or reboot.

Land attack

A land attack is
similar to syn attack but instead of bad ip address the ip address of the
target system itself is used. This creates an infinite loop , and the target
system crashes.

But however almost all systems are configured against this
type of attacks.

Smurf Attack

A smurf attack is a
sort of brute force dos attack , in which a huge number normally the router
using the spoofed ip address from within the target network , so when it gets
the ping it echos it back causing the network to flood. Thus jamming the
traffic

Udp flooding

This kind of flooding is done against two target systems and
can be used to stop the services offered by any of the two systems. Both of the
target systems are connected to each other, one generating a series of
characters for each packet received or in other words, requesting UDP character
generating service while the other system, echoes all characters it receives.
This creates an infinite non-stopping loop between the two systems, making them
useless for any data exchange or service provision.

Ping of death

This Attack don’t work now as all the servers are patched
against this type of attack

In this attack a target system is pinged with data packet
exceed the normal size allowed by the tcp/ip i.e 65536. this will cause the
system to reboot or hangup.

Tear Drop

When the data is passed from one system into another it is
broken down into smaller fragments, and then in the reciving host they are again reassembled .

These packets have an offset field in there TCP header part
which specifies from which part to which part that data carries or the range of
data that it is carrying. This along with the sequence numbers, this helps the
receiving host to reassemble the data.

In tear drop the packets are sent with the overlapping
offset field values thus the reciveing host is unable to reassemble them and
crashes.

There is new trent
called DDOS attack where several computers mostly (hacked computers) for dos
attacks

Saturday, 16 June 2012

Most
people among us change their IP address and thinks they are anonymous on
internet but one thing they forgot that they can be tracked down with
MAC address which is still there non spoofed. So what to do then? Its
practically impossible to change your MAC address but yes virtually its
possible :). Here is a application called SMAC that can help you to
spoof your MAC address to maintain your anonymity on internet.

SMAC
is a powerful, yet an easy-to-use and intuitive Windows MAC Address
Modifying Utility (MAC Address spoofing) which allows users to change
MAC address for almost any Network Interface Cards (NIC) on the Windows
VISTA, XP, 2003, and 2000 systems, regardless of whether the
manufacturers allow this option or not.

Yeah,
now you can also search anything, anytime, anywhere on Google without a
internet connection. Google on your mobile either it’s a Smartphone or
low cost phone it will help you with his SMS service. You don’t need to
buy a expensive phone’s out of your budget to just surf for internet on
the go.

Please follow the following step:-

1. You have to just type your keywords (You want to search) in your phone message box (create message).

2.Then add receipt send it to 9773300000. And it will comeback you the answer within a few seconds.

Friday, 15 June 2012

The Social Engineering Toolkit (SET) is a python-driven suite of custom
tools which solely focuses on attacking the human element of
penetration testing. It’s main purpose is to augment and simulate
social-engineering attacks and allow the tester to effectively test how a
targeted attack may succeed.

This is the change log:

Added a new feature to the SET
interactive shell, grabsystem. Will allow you to elevate permissions on
victi machine. Does not work on XP SP2 and below.

Fixed a bug where if grabsystem was called on with UAC bypass, the UAC-Safe shell would hang

Added better error handling of sockets and addresses in the socket handlers in the interactive shell

Updated the code base in the shell.binary to add the new grabsystem and add better error handling

Added default handling if listener port was nothing, defaults to port 443 now

Fixed a bug in how third party handlers responded to certain character sets

Slowly moving to __init__.py method as it’s proper and easier than sys.path.append

Before performing the steps below, be sure to install subversion
before installing the selected tools. Subversion is simply a source
version repository that allows you to keep up to date with any
modifications or changes to SET.

The Social-Engineering Toolkit (SET) is a python-driven suite of
custom tools which solely focuses on attacking the human element of
pentesting. It’s main purpose is to augment and simulate
social-engineering attacks and allow the tester to effectively test how a
targeted attack may succeed. Currently SET has two main methods of
attack, one is utilizing Metasploit payloads and Java-based attacks by
setting up a malicious website (which you can clone whatever one you
want) that ultimately delivers your payload. The second method is
through file-format bugs and e-mail phishing. The second method supports
your own open-mail relay, a customized sendmail open-relay, or Gmail
integration to deliver your payloads through e-mail. The goal of SET is
to bring awareness to the often forgotten attack vector of
social-engineering.
To download the Social-Engineer Toolkit, type the following:

Artillery is a honeypot/monitoring/prevention tool used to protect
Linux-based systems. Artillery will setup multiple ports on the nix
system and if anything touches it will automatically blacklist them. In
addition, it monitors the filesystem for changes and emails the changes
back to you. It also detects SSH brute force attacks and automatically
blocks them as well.

In this post we will not talk or
explain the mechanism behind clickhijacking attack. The goal and moto of
this post is to let you know how abusive this attack has been since
past recent months.

So for those of you who don't know Clickjacking is?, it is a method of
hijacking a users click in tricking him to click in to clicking some
thing else. In the past Clickhijacking was used to hijack users click in
to clicking on advertisements and make revenue.

Here is an example of a wordpress clickhijacking script that costs about
15$, that would trick the users into clicking ads without annoying
them.

However now a days clickjacking is being used for tricking users in to
liking a facebook page. As you might know that due to panda effect
internet marketers are seen to be more focused on social media
promotion. Therefore clickjacking scripts provid lots and lots of
benefits to people who tend to use black hat SEO for promotion of the
website and facebook pages.

But what makes this even worse is the people distributing the
clickjacking scripts for free or selling it. Recently I came across
dozens of forums selling clickjacking scritps on a very cheap rate.

In order to demonstrate how clickjacking works, I setup a page on my free hosting account embedded with clickjacking script that would trick the users into liking the following page on clicking:

Here is thescreenshot of the page where I installed Clickjacking script. (I took the script from an online forum and then modified it to meet my needs). The infected page stated the following:

On clicking the click here to download your FreeToSell Package link the script was initiated which automatically liked the voteformypic page.

By now you might have understood the whole idea behind the clickjacking
attack. However if you would like to see more detailed analysis, I would
recommend you to check the following post Hijacking Facebook Users With Clickjacking